Hi all,
I have been using the splunklib package in Python to connect to the Splunk API for some time now, and it works fine. A sample search I use is provided below:
searchquery = """search index=wineventlog EventCode=4688 earliest=-4h | fields user, ETC, ETC, ETC
| table user, ETC, ETC, ETC"""
resolveQuery = SplunkQuery(host, port, username, password)
df = resolveQuery.splunk_fetch(searchquery)
The search returns a pandas dataframe (in Python) containing the required information.
When I try to retrieve an inputlookup however, the search doesn't return any information, only an empty dataframe. Below is an example of a searchquery I use to try and retrieve an inputlookup:
searchquery = """search | inputlookup infomation.csv"""
Any help would be highly appreciated: how can I retrieve inputlookups using the Splunklib package in Python?
The inputlookup command is supposed to be the first command in a query. Try this:
searchquery = """| inputlookup infomation.csv"""
Thanks for your help
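The rule from the answer above, as an added example that is not part of the original thread: a small helper that rewrites a query string before it is handed to splunklib, so that a generating command such as inputlookup always opens the pipeline with a leading pipe. The name normalize_spl and the GENERATING list are assumptions of this example, not part of splunklib.

```python
import re

# Partial list of SPL generating commands (constructed for this example;
# extend as needed). A bare keyword search that starts with one of these
# words should be passed with an explicit "search " prefix instead.
GENERATING = {
    "inputlookup", "inputcsv", "makeresults", "tstats", "mstats",
    "metadata", "datamodel", "dbinspect", "eventcount", "loadjob",
    "savedsearch", "gentimes",
}


def _first_word(text: str) -> str:
    words = text.split(None, 1)
    return words[0].lower() if words else ""


def normalize_spl(query: str) -> str:
    """Rewrite a query so a generating command comes first, after a pipe.

    "| inputlookup x"        -> unchanged (spacing tidied)
    "search | inputlookup x" -> "| inputlookup x"  (the form from the question)
    "inputlookup x"          -> "| inputlookup x"
    "search index=..."       -> unchanged
    "index=..."              -> "search index=..."
    """
    q = query.strip()
    if not q:
        raise ValueError("empty SPL query")

    # An empty "search" stage followed directly by a pipe.
    m = re.match(r"(?i)search\s*\|\s*(.*)", q, re.DOTALL)
    if m:
        rest = m.group(1)
        # Drop the empty stage only when a generating command follows it.
        return "| " + rest if _first_word(rest) in GENERATING else q

    if q.startswith("|"):
        return "| " + q[1:].lstrip()

    first = _first_word(q)
    if first == "search":
        return q
    if first in GENERATING:
        return "| " + q
    return "search " + q
```
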